Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
There are two aspects of security to consider.
Encryption via TLS
If your use case requires TLS, we recommend putting stunnel or spiped "in front of" Faktory. For instance, here's how to build a Docker container with a stunnel frontend: https://dzone.com/articles/using-honcho-to-create-a-multi-process-docker-cont.
You can configure the Go and Ruby clients to use TLS by including
tls in the URL scheme:
Faktory uses a global password to verify client connections. When connecting, the server immediately sends a HI challenge with a nonce. All clients must send a HELLO command to Faktory with a
pwdhash attribute based on that nonce.
The password is passed to the Faktory clients in the URL:
Faktory looks for a password in the FAKTORY_PASSWORD environment variable or in
Here's a one-liner to create a random hex password:
$ dd count=1 if=/dev/urandom 2>&1| shasum | tail -1 | cut -c1-32 0bf64d9491ca65b48f9fe07636680b1d
If you're using Docker, you can add the password as a managed secret.
$ echo "0bf64d9491ca65b48f9fe07636680b1d" | docker secret create faktory_password -
and then mount it into your Faktory container:
$ docker service create --name faktory --secret faktory_password contribsys/faktory:latest
If Faktory is configured to use a password, the Web UI also enables HTTP Basic Auth with that same password. The username can be any value.